How to convert a PFX file into mobileconfig format?

Question

Level 1

9 points

How to convert a PFX file into mobileconfig format?

Hi,

I'm trying to automate the task of creating a mobileconfig file with a client certificate in it.

I understand that this is some kind of base64 encoding, but I don't get what they're encoding.

My PFX files are protected with a password (Although I tried to create a PFX without the password, and the base64 version of it differs from the .mobileconfig from iPCU version of it).

I already saw Alginald99 tip in: https://discussions.apple.com/thread/2780207?answerId=15080631022#15080631022

That tip didn't work for me. When I convert my PFX file to base64, the encoded string is nothing like the string in the .mobileconfig I created by iPCU.

Alginald99 - If you're still hang here - please help! 🙂

Thanks,

Bar.

iPhone 4, iOS 4.2

Posted on Jul 5, 2011 1:46 AM

Reply

Answer 1

Jul 6, 2011 3:19 PM in response to Bartzy~

Use the iPhone Configuration Utility to import the pfx into a new configuration profile. Once you have it in there, use the Export feature to export the configuration profile and it will give you a .mobileconfig file. Once you have this file, you can use the whole thing or just the part you need from it. It's just a regular xml file that conforms to some schema from Apple.

Reply

Answer 2

Bartzy~ Author

Level 1

9 points

Jul 6, 2011 4:03 PM in response to flowershark

Hi flowershark,

I'm trying to manually create the mobileconfig (through a script), and "inject" the certificate into the mobileconfig file. I can't determine how to turn the PFX into the string in the mobileconfig.

Reply

Answer 3

Mar 1, 2012 2:43 AM in response to Bartzy~

Hi Bartzy,

I am trying to do the same thing. Did you find out how to do this ?

Reply

Answer 4

Bartzy~ Author

Level 1

9 points

Mar 1, 2012 3:03 AM in response to elisonniven

Hi Elison,

It was a while back, so I may not remember exactly - but I think I just configured each certificate manually via the iPhone Configuration Utility at the end.

Sorry. 🙂

Bar.

Reply

Answer 5

Mar 1, 2012 3:06 AM in response to Bartzy~

Thanks, aargh why can't apple keep things simple ?

Reply

Answer 6

Mar 7, 2012 4:28 AM in response to Bartzy~

Hi Elison

you can convert a pfx/p12 file with openssl or with Microsoft certutil utility.

syntax:

openssl enc -a -in user.p12 -out user.enc

or

certutil.exe -encode user.p12 user.enc

Merge the new user.enc file into your unsigned mobileconfig file.

Reply

Answer 7

Mar 7, 2012 5:01 AM in response to Bartzy~

Hi fredfrombern (zollikofen),

Thanks. The command you gave is for base64 encoding.

Yes it works, But the strange thing is that my generated .mobileconfig is not the same as that generated by Apple iPhone configuration utility.

Reply

Answer 8

Mar 7, 2012 6:47 AM in response to elisonniven

Yes, the key container GUID and the cert container GUID are different. That's normal.

You can reproduce this:

Delete the cert in windows mmc/certificate console, reimport the same cert in mmc/certificate and import this cert in iPCU. You can see the difference in mobileconfig.

Catch only the cert part from mobileconfig and dump it with <certutil.exe -v user.enc>. You see different container GUIDs.

I hope this helps.

Reply

Answer 9

Mar 10, 2012 5:23 AM in response to Bartzy~

Hi fredfrombern,

Thanks for the explanation !

Reply

Answer 10

Oct 5, 2012 7:14 AM in response to fredfrombern (zollikofen)

Hi All, Hi Fred.

I am trying to "Merge the new user.enc file into your unsigned mobileconfig file."

What is the best (Mac) command line tool for this?

sed does not like the line breaks or the "\" character.

Reply